25 Facts about Information Security
Read this list of interesting facts to get an idea of typical password mistakes and the most prevalent cybercrimes.
More than 50% of users have the same or only slightly changed password for multiple sites. This conclusion was drawn by scientists from Virginia Polytechnic Institute and State University, who studied 28 million users' passwords.
The combination “123456” holds the top spot in SplashData's annual “Worst Passwords List”. The simple word “password” remains popular too.
If people include a number in their passphrase in order to strengthen it, they usually add one digit at the end. As a rule, it is “1” or “2”.
Many passwords consist of words in their dictionary form. Most men choose terms related to their hobbies as secret phrases, and women frequently use personal names.
When creating accounts, many people choose as a password a shortened name of the website they are going to use. For example, the most common password for LinkedIn is “link”.
According to data Mail.ru collected in a recent survey, only one fifth of users change their e-mail passwords every three months.
26% of users don't change their main passwords at all. Even messages about suspected account takeover attacks cannot make them create a new secret phrase (YouGov, Statista).
Can you imagine a person who uses secret control questions like “Twice two is …”? Such weirdos exist. 15% of prompts repeat the password or let hackers work it out.
Around 40% of companies store administrator account passwords (the data giving access to all business information) as notes in a Word document or spreadsheet.
A password that is just one short word (let's say, “bike”) can be cracked almost instantly. Cracking “Bike2018” with common software will take about 7 months. “40Bi!9ke” is likely to withstand an attack lasting for 14 years.
Google's experts and American scientists found out the main ways hackers steal private information. First of all, breaches of big websites cause great damage. Phishing (using fake messages from reputable sources) is cybercriminals' second favorite technique, and it brings significant losses. The third most serious danger on the Internet is keylogging (using special software programs or hardware devices that record keystrokes).
Nowadays keyloggers and phishing tools collect not only passwords, but also IP addresses, the user’s location and information about devices. Sometimes a password alone isn't sufficient for gaining access to an account. Reputable websites repel hacker attacks successfully enough.
On average, 230 new malicious programs that intercept keystrokes appear on the Internet every day.
Microsoft detects about 100 million account takeover attacks every 24 hours. The figure is increasing steadily.
It isn't so difficult to recognize a phishing email, yet around 30% of them are opened by users. Be careful! Curiosity killed the cat…
Every day, out of more than a billion logins to Facebook, 600,000 are impostors attempting to access ordinary users’ photos, messages, etc.
Information passing through unprotected free Wi-Fi can be intercepted with spyware. Intruders don't need to write such a program themselves. There are a lot of ready-made products for spying on the Internet, and they are rarely positioned as pirate software.
Cybercriminals steal graphical passwords for touch screen devices (smartphones and tablets) through automatic analysis of Wi-Fi signal strength. The strength depends on finger movements. A theft of that kind is possible in any airport or cafe.
It is believed that cybercriminals are able to extract graphical keys and PIN codes using pocket thermal cameras. The gadget identifies heat traces of fingers on a screen even after it has been left untouched for 30 seconds.
There is a program that identifies passwords from the sound of keystrokes. The software learns the user’s “handwriting” for 5 minutes. It memorizes the unique sounds a keyboard makes as different keys are hit and recreates the sequence of typed letters. The test version of this program belongs to the University of California, Berkeley. Have hackers got any similar tools? Maybe.
extract a card number and expiry date, CVV2 and CVC2 with ease on condition that the data had been saved by a client.
Criminals often steal children's SSNs (Social Security Numbers). Such thefts are difficult to detect. Here is an example. Thirty-year-old Annette from Montana decided to apply for a mortgage to buy her first house. When drawing up the necessary documents, Annette found out that she had already bought two houses and taken out four loans. A fraudster had been using her SSN for 27 years.
Identity theft is a crime whose consequences are a disaster for victims. They have to spend 6-7 years restoring their reputation.
The biggest theft of personal data happened in 2013-2014. Criminals stole confidential information about 500 million users of an Internet company: names, dates of birth, passwords, phone numbers.
Engineer Ben Falconer made a crossword puzzle from 1,000 leaked Adobe passwords. He wants people to remember that the most memorable password isn't the best one.
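The password habits listed in the facts above (the worst-list entries, a dictionary word with one digit at the end, a shortened site name, and the same or slightly changed password on several sites) can be checked at the moment a password is chosen. This is an added example, not part of the original article; the function name, the tiny word list and the 0.75 similarity threshold are assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed sample data; a real check would load full lists.
WORST = {"123456", "password"}            # the two entries the article names
WORDS = {"bike", "football", "annette"}   # stand-in dictionary (assumption)
SIMILAR = 0.75                            # "slightly changed" cut-off (assumption)


def weak_password_reasons(password, site, other_passwords=()):
    """Return which of the article's password habits `password` shows.

    `other_passwords` are the user's passwords for other sites, as a
    password manager's audit feature would have them available.
    """
    pw = password.lower()
    reasons = []
    if pw in WORST:
        reasons.append("worst-list")
    if pw in WORDS:
        reasons.append("dictionary-word")
    # A dictionary word followed by exactly one digit, e.g. "bike1".
    m = re.fullmatch(r"([a-z]+)(\d)", pw)
    if m and m.group(1) in WORDS:
        reasons.append("word-plus-digit")
    # A shortened form of the site's own name, e.g. "link" for LinkedIn.
    if len(pw) >= 3 and site.lower().startswith(pw):
        reasons.append("site-name")
    # The same or an only slightly changed password used elsewhere.
    for other in other_passwords:
        if SequenceMatcher(None, pw, other.lower()).ratio() >= SIMILAR:
            reasons.append("reused")
            break
    return reasons


if __name__ == "__main__":
    samples = [  # constructed inputs
        ("link", "linkedin", []),
        ("Bike2", "example", ["bike1"]),
        ("40Bi!9ke", "example", ["hunter-73-Quartz"]),
    ]
    for pw, site, others in samples:
        print(pw, "->", weak_password_reasons(pw, site, others) or "no listed habit")
```

An empty result only means none of the listed habits matched, not that the password is strong.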